"Sabu", aka Hector Monsegur provided info leading to the arrest of at least 10 LulzSec, AntiSec, and Anon hackers

On Tuesday, former "hacktivist" Hector Xavier Monsegur received a suspended sentence of 7 months (time served) for his role in rounding up virtually every member of the hacking group he once led. At the hearing, Mr. Monsegur appeared quiet and serious, saying he was "not the same man" as he had been when he committed the offenses that led to his original arrest. In ordering a suspended sentence, the presiding judge agreed, stating that Mr. Monsegur has been "turning on a dime to doing good, not evil" since he was arrested.

I. The Rise

The story of Mr. Monsegur, (now) 28, began in 2011 with the rise of LulzSec [1][2][3][4] [5][6][7][8] [9][10][11][12] [13][14][15].

At the time the young computer expert was better known in the digital underground by his hacker handle "Sabu". For years he led a double life as one of the world's top "hacktivists", acting as a senior-level organizer for some of the most volatile parts of the global hacker collective known as Anonymous. As a founding member and leader of the group LulzSec, he carried out a series of increasingly political attacks against U.S. government websites and large corporations like Sony Corp. (TYO:6758).

Hector "Sabu" Monsegur, 28, convicted hacker [Image Source: AP]

As the members of LulzSec began to get picked up, many in Anonymous cheered that Sabu still appeared to be active and free. That joy turned to shock and disgust when it was revealed that Sabu -- a father of two young boys -- allegedly offered to betray his hacker comrades in order to be a free man and be able to take care of his kids.

Operating as "Backtrace Security", Asherah and her colleagues frowned on LulzSec's antics, which they felt hurt consumers more than corporations. Operating as "FakeGreggHoush" (named after Gregg Housh, an Anonymous member Asherah accused of harassing her), Asherah (Emick) launched the website Anonymousdown and worked with th3j35t3r ("The Jester"), DustLavaRockSan, b14ck4dd3r, FailSec, awinee, and TeaMp0iSoN to try to discover the true identities of LulzSec's members and "dox" them, leading to their arrest.

In March 2011, they "doxed" (revealed the identity of) Sabu in a PDF dubbed "Namshub".

At the time the release wasn't taken all too seriously, as LulzSec's top members had already seen many inaccurate doxings -- some of which they may have themselves orchestrated in obfuscation attempts. But this time it was the real deal; Ms. Emick had received leaked LulzSec chat logs from a former Anonymous colleague. In the logs Sabu accidentally posted a domain he owned which -- with a bit of mutation -- led to a social network where he posted photos of his car. How that information led to his arrest remained unclear, but what is clear is that the info was more weakly protected than Sabu's LulzSec identity, which actively posted on sites like Twitter.

II. The Fall

While most didn't take the release very seriously, U.S. federal investigators did.

After looking into the info on June 25, 2011, the U.S. Federal Bureau of Investigation (FBI) paid a visit to Mr. Monsegur's house and arrested him. The arrest happened quietly, and for nearly a year he provided intelligence before his identity was exposed by a second arrest in March 2012, when the FBI discovered he had been illicitly talking with close colleagues in the Anonymous community about the arrest, even as he publicly assisted the FBI in hunting down the remaining at-large members of LulzSec.

His cooperation led to multiple arrests, so he was allowed to remain free despite his behavior, which was punished with the likely purposeful exposure of his identity by the courts.

After being harassed by members of Anonymous, former member Jennifer Emick had the last laugh, turning Sabu into an informant. [Image Source: Gaelic Podcasts]

Anon made a great idea for a protest group, but a terrible idea for a criminal hacking group. [The media] always seem to have fallen for the forced image Anon wanted people to see: naughty scamps with a conscience. They ignored a lot of really dark stuff…harassment, endangerment. The arrests clearly aren’t over and there are many more informants than Sabu…lots.

Indeed, that post appears to have proven prophetic.

Sabu's case finally wrapped up at a Tuesday sentencing hearing at a court in New York City, New York. In the end the hacker was sentenced to the time he served during his brief 2011 sentence -- 7 months. That was a pretty lenient sentence, considering the twelve criminal counts of hacking, conspiracy to hack, and fraud that he faced carried a maximum consecutive sentence of 124 years and a maximum total of $2.5M USD in fines.

III. Betrayed by Their Leader

But it came at the cost of more betrayals.

After the FBI relocated him and his foster children following threats which started after his 2012 exposure as an informant, he continued to cooperate with them, stopping hacks against the U.S. military, NASA and media companies. In total, court documents filed by the FBI on his behalf paint him as a mostly model informant, thwarting 300 cyberattacks against key entities in only three years.

The document also detailed how, had Sabu not cooperated, the other LulzSec folks might not have been caught. Apparently the group had a collective self-destruct on their file systems, which would have kicked in had Sabu gone missing and/or been announced as arrested.

States the document:

Working sometimes literally around the clock, at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts. During some of the online chats, at the direction of law enforcement, Monsegur convinced LulzSec members to provide him digital evidence of the hacking activities they claimed to have previously engaged in, such as logs regarding particular criminal hacks.
...
Monsegur admitted to engaging in hacking activities about which the government had not previously developed evidence.

The FBI concluded that the defendant had been "extremely valuable and productive" to law enforcement.

Sabu snitched on us. As usually happens FBI menaced him to take his sons away. We understand, but we were your family too (remember what you liked to say?) It’s sad and we can't imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to [the] police.

The post seems to indicate Anonymous' mixed feelings about Mr. Monsegur's decision. They seem to acknowledge that they might have done the same thing. But at the same time they clearly label him a traitor, saying he should have perhaps put principles above all else.

IV. The Arrested

But many members of Anonymous have since learned the alternative first-hand. Among those whose arrest and conviction Sabu's information led to:

Ryan "ViraL" Cleary, 22 (Wickford Essex, UK)

Pleaded guilty

Sentenced to 32 months

Was found to possess child pornography; received leniency due to his diagnosis of Asperger's syndrome.

Note that, other than Mr. Hammond, no arrested hacker in the LulzSec, AntiSec, and Anonymous campaigns has been sentenced to more than two years behind bars. Many, in fact, are now free on probation. The key exception, of course, is Mr. Hammond.

V. Closure

In court this week Sabu got precisely what Mr. Hammond had not -- judicial mercy. A petulant Mr. Monsegur remarked at his sentencing hearing:

Over the last three years I’ve gone through a lot of changes and learned a lot of lessons. I’ve done a lot of soul searching… and I realized I hurt my family the most. I’m not the same person you saw here three years ago.

The immediacy of Mr. Monsegur’s cooperation and its around-the-clock nature was particularly helpful to the government. That personal characteristic of turning on a dime to doing good, not evil, is the most important factor in this sentencing.

His family has been subject to threats, assaults, and all manner of danger. For all these reasons, I find that Monsegur is entitled to a downward departure [a lighter sentence].

The things you did [prior to your arrest] were not so good, [but] you have done as much as any human can do [to make up for those acts] and I salute you for that.

Now a free man thanks to his cooperation, he will have to serve a year of supervised release. Judge Loretta has yet to rule on compensation for Sony and other corporations that were harmed by his hacking. If he is ordered to pay compensation, though, it can be safely expected to be well below the maximum amount of $2.5M USD.

It is unclear what's next for the hacker, whom many former colleagues regard as a digital Benedict Arnold. Hackers such as Adrian Lamo -- who turned in Wikileaker Pfc. Bradley Manning -- have struggled with similar criticism in recent years, but have found ways to continue to contribute in various roles including as media commentators, security experts, and even as government security analysts.

While Sabu may be a marked man for some time, the good news for him is that such sentiments will likely eventually fade, as even Anonymous seemed to acknowledge at its most bitter that Sabu did what he had to, to look out for his family. And in the end the outcome was disruptive to Anonymous and LulzSec, but by no means a life sentence, as all but Jeremy Hammond were sentenced to less than two years in prison.

There's far bigger fish to fry. Like a sizeable contingent of the PLA. I get that these attacks are annoying--fair enough. I say instead of jail time, we put these kids through (for lack of a better term) a re-education program which indoctrinates them on where the real risks in the cyber-domain lie. The westernized world can use all the help it can get on fending off and thwarting cyber-attacks from China, Iran, N.Korea, etc.

If you were caught red-handed & given the choice between hard time & earning a paycheck to CONTINUE what you're doing...but with a different target--would YOU pass it up?

I remember working at an email security company at that time. It was great business. We used Lulzsec's hacks to sell more products. It was great marketing even though these guys didn't really do much except DoS attacks.

Don't harm innocents if you want to be taken seriously in the secure tech realm. Hiding behind a false belief that you are doing more good than harm is hardly acceptable.

The REAL activists will only harm the offenders, not accepting collateral damage in some narcissistic basis. Or better yet, rather than shame a given entity, offer your services to address the problem. Of course, for the narcissist, the problem is they are not recognized for their actions.

LulzSec and Anon both harmed innocents in the end.

I hate snitches, but irresponsible behavior of this sort is exactly why the real conversations are too hard to have today in this country.

On the flip-side, the gov should be learning a lesson, even though I'm sure it isn't. You can't betray the masses and then assume they will "just leave your weak infrastructure alone".

There's a right way and a wrong way, but two wrongs don't make a right and ultimately detracts from the real mission: securing our freedom.

Most hackers are just teenagers and not that skilled. All the GOOD developers are gainfully employed and have far too much to lose to be messing around hacking and cracking. The kids all talk big but have little skill, they usually use off the shelf tools and are rather easy to get caught. The whole anonymous thing doesn't really even exist. I can be part of anonymous just by saying so... lame.